Tag: security
Microsoft SharePoint has a worrying security flaw, experts warn
The US Cybersecurity and Infrastructure Agency (CISA) is warning admins that a Microsoft SharePoint Server flaw is now being actively exploited in the wild. In a new addition to its Known Exploited Vulnerabilities (KEV) catalog, CISA says CVE-2023-29357 is being used to gain elevated privileges. “These types of vulnerabilities are…
Read More
Tunefab music piracy tool leaked hundreds of gigabytes of user data over 24 hours last year
Users of the Tunefab suite of music ripping software could be waking up to an identity theft nightmare after experts claimed a database left user data publicly accessible for roughly twenty-four hours in September 2023. You might be reading this and thinking there isn’t a story here, and you might…
Read More
This dangerous malware is able to hijack your Google Account by reviving cookies
A serious exploit affecting Google services that is being used to grant threat actors access to Google Accounts has been uncovered by cybersecurity company CloudSEK. The exploit, which was identified in October 2023, enables continuous access to Google services even after a victim resets their password. The malware has “rapidly…
Read More
Barracuda fixes new ESG zero-day exploited by Chinese hackers
Cybersecurity experts from Barracuda recently discovered and patched a high-severity vulnerability in some of its email security gateway (ESG) devices. The flaw, tracked as CVE-2023-7102, is an Arbitrary Code Execution (ACE) vulnerability found inside a third-party library called Spreadsheet::ParseExcel. This library is used by the Amavis virus scanner, within the…
Read More
EasyPark data breach may affect millions of customers
EasyPark has confirmed it was hit in a cyberattack that saw customer data breached and revealed online. The company, which runs apps to help people find parking spots, said in an alert to customers that it discovered the breach on December 10 2023. According to BleepingComputer, the announcement did not…
Read More
Google Cloud says it has fixed a significant security flaw
Google Cloud has patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. “An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that…
Read More